December 5, 2022

TheCyberThrone

Thinking Security ! Always

Follina Mitigation Details Emerge

According to Microsoft, administrators can preempt attacks exploiting CVE-2022-30190 (Follina) by disabling the MSDT URL protocol (ms-msdt). With the protocol handler removed, troubleshooters can no longer be launched as links from documents or from elsewhere in the operating system, which closes the path the exploit uses to run code on vulnerable systems.

The process for disabling the MSDT URL protocol on a Windows device is as follows:

  1. Run Command Prompt as an Administrator.
  2. Create a backup of the registry key first, so the change can be reversed: “reg export HKEY_CLASSES_ROOT\ms-msdt ms-msdt.reg”
  3. Then delete the key: “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”

Once the Microsoft patch for CVE-2022-30190 has been installed, administrators can undo the workaround by launching an elevated command prompt in the directory that holds the backup and executing “reg import ms-msdt.reg”. The key is only recoverable from that backup, so keep the .reg file until the workaround is reverted.

Microsoft notes that Office Protected View and Application Guard for Office block CVE-2022-30190 attacks delivered through documents opened from the internet. Analysts found, however, that these protections do not stop exploitation when the target merely selects the malicious file (for example an RTF) with the Windows Explorer Preview pane enabled, since the file is rendered in the preview without ever being opened in Office.

Admins are therefore advised to disable the Preview pane in Windows Explorer as well, to remove this second attack vector.
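The two workarounds above (removing the ms-msdt handler with a backup, and turning off the Explorer Preview pane), as a single PowerShell script. This is an added example, not code from the original post or from Microsoft's advisory. It assumes a backup location of its own choosing (C:\ProgramData\Follina\ms-msdt.reg), and the registry value it writes for the Preview pane, NoReadingPane under HKCU\Software\Policies\Microsoft\Windows\Explorer, is the policy backing of the "Turn off Preview Pane" Group Policy as recalled from memory; verify it against your ADMX templates before deploying.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): apply, verify and revert the
# Follina (CVE-2022-30190) workarounds described above.
# Assumptions: $BackupPath is a location chosen here; the NoReadingPane policy
# value for "Turn off Preview Pane" is from memory, check it against the ADMX.
param(
    [ValidateSet('Apply', 'Verify', 'Restore')]
    [string]$Action = 'Verify',
    [string]$BackupPath = 'C:\ProgramData\Follina\ms-msdt.reg'
)

$MsdtKey        = 'HKEY_CLASSES_ROOT\ms-msdt'                      # reg.exe form
$MsdtKeyPs      = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'            # PowerShell form
$ExplorerPolicy = 'HKCU:\Software\Policies\Microsoft\Windows\Explorer'

function Test-MsdtProtocol {
    # $true while the ms-msdt URL handler is still registered (i.e. exploitable).
    return (Test-Path -Path $MsdtKeyPs)
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocol)) {
        Write-Host 'ms-msdt handler already absent, nothing to do.'
        return
    }
    New-Item -ItemType Directory -Path (Split-Path -Parent $BackupPath) -Force | Out-Null
    # Export the whole key (/y overwrites an older backup) before touching it.
    & reg.exe export $MsdtKey $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupPath)) {
        throw "Backup of $MsdtKey failed; refusing to delete the key."
    }
    & reg.exe delete $MsdtKey /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Deleting $MsdtKey failed." }
    Write-Host "ms-msdt handler removed; backup at $BackupPath"
}

function Restore-MsdtProtocol {
    # Reverts the workaround once the CVE-2022-30190 patch is installed.
    if (-not (Test-Path $BackupPath)) {
        throw "No backup found at $BackupPath; cannot restore ms-msdt."
    }
    & reg.exe import $BackupPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Importing $BackupPath failed." }
    Write-Host 'ms-msdt handler restored from backup.'
}

function Disable-PreviewPane {
    # Policy equivalent of unticking the Preview pane for the current user.
    # NoReadingPane = 1 is assumed to map to "Turn off Preview Pane".
    New-Item -Path $ExplorerPolicy -Force | Out-Null
    New-ItemProperty -Path $ExplorerPolicy -Name 'NoReadingPane' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host 'Explorer Preview pane disabled by policy for the current user.'
}

function Test-PreviewPaneDisabled {
    $v = Get-ItemProperty -Path $ExplorerPolicy -Name 'NoReadingPane' `
        -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.NoReadingPane -eq 1)
}

switch ($Action) {
    'Apply'   { Disable-MsdtProtocol; Disable-PreviewPane }
    'Restore' { Restore-MsdtProtocol }
}

# Status summary, printed for every action so Verify is the default report.
[pscustomobject]@{
    MsdtHandlerPresent  = Test-MsdtProtocol
    PreviewPaneDisabled = Test-PreviewPaneDisabled
    BackupPresent       = Test-Path $BackupPath
}
```

Run it as `.\Follina-Workaround.ps1 -Action Apply` from an elevated PowerShell, then `-Action Verify` on the same host to confirm MsdtHandlerPresent is False. The script refuses to delete the ms-msdt key unless the export succeeded, because without the .reg file there is no clean way back. The Preview pane setting is written under HKCU, so it only covers the user running the script; for a fleet, push the same "Turn off Preview Pane" policy through Group Policy (User Configuration) instead, and expect open Explorer windows to need a restart before the change shows.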
